Privacy Policy

English Version

What is the Purpose of a Privacy Policy?

This privacy policy declaration is to inform you in accordance with my obligations about the collection, processing, use and storage of personal data as well as the use of cookies in connection with you visiting my website. This concerns myself as the website operator, my webspace host, and also third-party online services.

The protection of personal data is very important to me. Therefore, I treat it carefully, confidentially and according to statutory data protection regulations and also in accordance with this privacy policy declaration. I aim to collect only the absolute minimal amount of data as possible.

In general, I have to state that in connection with online data transfer absolute protection against access by third-party agents is not possible and as such I cannot guarantee it.

Who is Responsible for This Website

I am the operator of this website and responsible for my part of its data processing. You can contact me here:

Angela Carstensen
Heidkampsstieg 14
25469 Halstenbek
Deutschland
E-Mail: info@angela-carstensen.de
Telephone: +43 4101 8142408
Imprint: https://www.angela-carstensen.com/impressum

I hereby object to the use of these contact details, published as part of my imprint obligation, for anyone sending unsolicited advertising and information materials and expressly reserve the right to take legal action in the event of unsolicited advertising information being sent (e.g. in the form of spam email).

In addition to the data I collect, there is also data collection carried out by the web host, the provider of the content management system I use and the social media platforms on which I have accounts and which I link to from my site. I will list contact addresses for these third parties in the relevant sections below.

Legal Basis

The legal basis of this privacy policy declaration is the current version of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), GDPR for short.

Personal data categories, according to Art. 4 Nr. 1 GDPR, are names, email addresses, telephone numbers or postal addresses among others.

If data processing is to be lawful, at least on of the following conditions has to be met, in accordance with Article 6 (letters corresponding to those in the official regulation text):

  1. Consent, which can be retracted at any time.
  2. Performance of a contract
  3. Legal obligation, for example in connection with legally regulated storage times for documents such as invoices.
  1. Legitimate interests, for example ensuring IT security and the smooth running of my website.

points d and e refer to data collection for the purpose of protecting your vital interest and of official authorities carrying out tasks. Neither of them apply to my website.

In Germany, the Bundesdatenschutzgesetz is also relevant.

Article 15 guarantees the right to access of information and confirmation about data collected, processed and stored by the controller, free of charge. This information concerns the purpose, the types of data involved, the anticipated period of storage, third parties given access, the storage location, the safety measures taken for data protection and whether the data is used to construct a personal profile.

The GDPR also gives those affected the right to know that they have the right to correction, erasure, objection to processing and restriction of use.

In other words, you have the right to contact me in order to find out what kind of data about you I have collected, processed and/or stored. I am legally obliged to deliver information about this personal data in a portable format.

You also have the right to request that I correct or erase your personal data from my storage as long as I am not legally required to continue storing it.

You also have the right to request that I restrict your data, which means that it is still stored but not further processed.

You are entitled to object to processing of data that has been collected on the basis of my legitimate interests.

You can also object to your data being processed for marketing or profiling purposes. Profiling refers to automated data processing in order to analyse or predict a person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

In addition, you can complain to a supervisory authority, without prejudice to other administrative or judicial remedies.

My company is legally located in Schleswig-Holstein. The competent data protection authority is:

Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein
(Anstalt des öffentlichen Rechts)
Postfach 71 16
24171 Kiel

Telephone: 0431 988-1200
Fax: 0431 988-1223
https://www.datenschutzzentrum.de/

More information can be obtained with Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI)

During the review of such a complaint or objection and the consideration of the legality or the interests of all parties involved, users again have the right to request restriction of processing of their personal data. In this case, processing is only possible if consent has been given, the rights of other legal or natural persons need to be protected or there is an important public interest.

Cookies

My website uses HTTP cookies to store user-specific data. These are small text files that are stored on the users’ computers. Important: Cookies are not programs and cannot exert malicious activity on a computer. They mainly take up space and help trace the surfing behavior of the person in question.

One category is first-party cookies, i.e. files that the site visited stores on users’ devices. When you access the same page again, the cookies are referred to. On this basis, the website software knows what information it should present and how.

Third-party cookies are created and transferred by partner websites. These partner companies are interested in offering advertising that is as closely tailored as possible. There is no advertising on my website and I also do not collect any visitor statistics, which would create a large portion of this kind of cookies.

Upon visiting my site for the first time, you will be asked which cookies you will allow. Cookies that providers use for functional purposes can be deleted, deactivated or managed by users in their browser. In principle, every browser can be set to request consent everytime a cookie is about to be set. Depending on which browser is used, this works in different ways. However, it should be noted that not all functions may then work as usual. The German authority for consumer advice (Verbraucherzentrale) recommends regularly managing cookies on your computer.

To manage the cookies and similar technologies used (tracking pixels, web beacons, etc.) and related consents, I use the consent tool “Real Cookie Banner”. Details on how “Real Cookie Banner” works can be found at https://devowl.io/rcb/data-processing/. I do not use tracking pixels or web beacons myself.

The legal basis for the processing of personal data in this context are Art. 6 (1) lit. c GDPR and Art. 6 (1) lit. f GDPR. My legitimate interest is the management of the cookies and similar technologies used and the related consents.

The provision of personal data is neither contractually required nor necessary for the conclusion of a contract. You are not obliged to provide the personal data. If you do not provide the personal data, we will not be able to manage your consents.

Safety Measures

As a self-employed person without employees, I am the only person within my company with access to any relevant personal data. I do my accounting based on the Lexware app. To ensure the secure handling of the data required for this, I have signed a contract with Lexware GmbH for request processing in accordance with Art. 28 GDPR.

My website is HTTPS based (Hypertext Transfer Protocol Secure) to ensure the transferral of all data from the user’s browser to my web server and back is as secure as technically possible. You can see this from the padlock symbol in the address bar to the left of my URL and also by the fact that the URL starts with the letter combination “HTTPS”.

Data Collection and Storage as Pertains to Me

Once you call me on the phone, contact me via email or my contact form, you give me your personal data in the form of your name, phone number or email address. In my function as a tutor I require names and addresses to set up contracts, send invoices and communicate with my contract partners. This can also involve mobile phones and mobile phone apps. I store this data within the legally prescribed duration of time or as long as is necessary to manage an inquiry.

Using my contact form or my blog’s comment function will store personal data on a web server. This data is then transferred to me via email. In these cases users and potential contract partners disclose their data to me of their own accord.

I will not pass on any of this data without the affected users’ consent. I will process data in accordance with Article 6 Paragraph 1 Letter b GDPR if the conclusion of a contract is the shared intention. In all other cases, data processing is based on my legitimate interest in the effective processing of the inquiries addressed to me (Art. 6 Para. 1 lit. f GDPR) and/or the consent of the respective users.

In general, I store and process personal data only for as long as is absolutely necessary for me to provide my services, until consent is revoked, or until I am asked to delete or restrict access to it. Mandatory legal requirements – especially statutory retention periods – are unaffected.

Once there is no further reason for data storage I will delete it just as I will comply with request for data deletion provided that I am not obliged to continued storage.

I do not collect, process or store personal data for profiling or marketing purposes.

Web host

I create my own website content. The technical part (the so-called web hosting) is carried out by a provider. In my case this is:

ALL-INKL.COMm
Hauptstraße 68
D-02742 Friedersdorf
https://all-inkl.com/datenschutzinformationen/

Upon visiting a website some information is automatically gathered, such as the browser used, the operating system on the user’s computer, websites visited previously, as well as date and time. The other data is used to guarantee a smooth content presentation process.

IP-logging is disabled on my website.

The liaison with my web host serves to ensure that my online content is provided securely, quickly and efficiently (Art. 6 Para. 1 lit. f GDPR). In order to ensure data protection-compliant processing, I have signed a data processing agreement in accordance with Art. 28 GDPR with my hoster ALL-INKL.COM.

Content Management System

This website is based on the content management system WordPress. This may mean that user’s personal data be collected, stored and processed.

Content management systems are easily usable software that enables anyone to flexibly create and maintain websites. In consequence, the websites users also benefit from the use of this technology. Therefore. the condition of a legitimate interest is met (Art. 6 Para. 1 lit. f GDPR).

A blog is one part of my website. I use it to write posts which can be read by users. Underneath these articles users can communicate with me via a comment form. The purpose of this blog is to provide its readers with varied and interesting content and ideally to exchange ideas and perspectives with them.

The blog is also based on WordPress, Technical user information may be collected for smooth and pleasant content presentation.

Upon commenting on my blog, the user’s IP, name, email address and the comment in question are stored to avoid spam and unlawful activity. I will not pass on this data without the affected user’s consent and delete it upon request, provided I am not legally obliged to further store it.

It is possible that WordPress will store mainly technical data according to their own policies. This is to ensure a smooth user experience.

Additionally, personal data entered into contact forms may be processed by WordPress. I have no influence on this part of my website’s data collection. As already stated, any browser can be adjusted to request consent for every cookie about to be set.

The company behind WordPress is:

Aut O’Mattic A8C Ireland Ltd.
Grand Canal Dock
25 Herbert Pl
Dublin
D02 AY86

WordPress also processes data in the USA. However, they have joined the EU-US Data Privacy Framework. This legally binds them to adhere to EU data protection law if the users affected are EU citizens.


Further questions will be answered by WordPress’ own privacy policy and cookie policy.

Facebook and Instagram

I maintain accounts on both Facebook and Instagram to promote my latest blog articles and also for networking. Anyone wanting to read these social media posts has to leave my website for the platform in question. Link icons can be found in my footer bar. These will lead the user to my Facebook fan page and to my Instagram business account.

While you are on my website and do not click the icons, they do not collect and/or transfer your personal data.

I do not embed any Facebook or Instagram content on my website. I also do not collect or process any user data for advertising or marketing purposes and do not implement any Facebook or Instagram tools on my website.

Accordingly, just using my website will not transfer data to Meta Platforms Inc. Only by clicking the links in my footer bar, user will move on to either Facebook or Instagram where their data will be collected, processed and exchanged across all Meta products.

Both Facebook and Instagram store data in the USA. Facebook is a social media network within Meta Platforms Inc. For Europe the responsible company is:

Meta Platforms Ireland Limited
4 Grand Canal Square
Grand Canal Harbour
Dublin 2
Irland.

Instagram has been part of Meta Platforms Inc. cince 2012, and as such it is a Facebook product. The actual company responsible is:

Instagram LLC
1601 Willow Rd
Menlo Park CA 94025
USA

Data collected and forwarded via my Facebook fan page is my responsibility as well as that of Facebook Ireland Ltd. However, Facebook alone is responsible for further processing of this data. This is stated in the publicly accessible agreement. Therefore, it is my duty to provide clear information about the link to Facebook.

Facebook, on the other hand, must guarantee the data security of Facebook products. I am obliged to forward inquiries directly to Facebook. It makes most sense to contact Facebook directly, if you have any questions.

I recommend extra study of Meta’s privacy policy (for both Facebook as well as Instagram), Facebook’s privacy policy as well as Meta’s cookie policy.

The EU provides templates for international data processing and Facebook also uses a standard contractual clause in accordance with Article 46, Paragraphs 2 and 3 of the GDPR. This means that Facebook is obliged to adhere to European data protection standards, even if the data is stored, processed and managed outside the EU.

As already mentioned, every browser can be adjusted so that consent is requested before a cookie is set.

According to the European Court of Justice, Facebook currently does not guarantee an adequate level of protection for data transfer to the USA. This can pose various risks to the legality and security of data processing.

YouTube

I use a YouTube channel to upload videos with meditations and tutorials for the purpose of sharing them with those interested. A link icon can be found in my footer bar. This will lead the user to my YouTube channel page.

While you are on my website and do not click the icon, it does not collect and/or transfer your personal data.

There are no YouTube videos embedded in my website.

YouTube is a video platform and has been a subsidiary of Google since 2006. It is operated by:

YouTube
LLC, 901 Cherry Ave.
San Bruno
CA 94066
USA

Google Ireland Ltd.
Gordon House
Barrow Street
Dublin 4
Ireland

Clicking the YouTube icon in my footer bar will connect users to YouTube’s and Google’s servers, respectively. Google Ireland Ltd is responsible for all data processing in Europe.

YouTube also processes data in the USA, among other places. Again, according to the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA, which can pose various risks to the legality and security of data processing.

YouTube also uses a standard contractual clause in accordance with Article 46, Paragraphs 2 and 3 of the GDPR. Thus, YouTube is legally obliged to adhere to the EU level of data protection when processing relevant data even outside the EU.

YouTube and its parent company Google offer a joint privacy policy.

Google and Web Fonts

To provide a uniform display of written content, my website uses so-called web fonts, provided by Google.

These Google webfonts are hosted locally, that means they are stored on my own server space. Visiting my website does not initiate a connenction to Google’s servers.

Google’s contact address is:

Google Ireland Limited
Gordon House
Barrow Street
Dublin 4
Irland
Tel: +353 1 543 1000
Fax: +353 1 686 5660

More information about Google webfonts is provided in the Google webfont developers FAQ and in Google’s privacy policy.

Mastodon

I have an account on the micro blogging platform Mastodon. I use it to promote my latest blog articles and also for networking.

A link icon can be found in my footer bar. Clicking this icon will lead the user to my Mastodon profile on to the instance mastodon.online.

While you are on my website and do not click the icon, it does not collect and/or transfer your personal data.

There is no mastodon content embedded in my website.

Mastodon is a GDPR compliant open-source networking server. The company behind is:

Elestio
66 Fitzwilliam Square
Dublin, 2 D02 AT27
Irland, Europa

More information is provided in their privacy policy.

The instance mastodon.online is a part of the Mastodon network:

Mastodon gGmbH
Mühlenstraße 8a
14167 Berlin
Germany

Mastodon.online’s moderators provide their own privacy policy.

Teech

I offer online tutoring based on the GDPR compliant video teaching platform teech. During online chat sessions, teech will collect technical data to enable proper communication software functionality. Also they set cookies for functionality reasons. Cookies placed by Teech will remain on the students’ computers until they delete them themselves. No login is required from any students.

I use teech for the purpose of offering remote lessons in the case of the student or their legal guardians requesting it. My contract partners’ consent can be revoked at any time with future effect.

teech Education GmbH
Verwaltungssitz
Schlossgartenstraße 69
64298 Darmstadt
datenschutz@teech.de
+4961513946040

Teech offers their own privacy policy (in German).

Teech also stores any data entered via writing on the virtual whiteboard and theoretically recorded session videos.

I explicitly do not record my online lessons.

In a separate window shared during lessons, I will make notes. At the video call these will be converted to a PDF file and then sent to my students, if they request it. Upon request, I will delete these PDF files.

Thank You!

In addition to my legal obligations, data protection is very important to me personally, as is informing you about the data that will be collected, processed and stored when you visit my website.

I wish to thank you for reading my privacy policy declaration and thank you for placing your trust in me.

Please contact me if you have any further questions.

German Version

WordPress Cookie Plugin by Real Cookie Banner